Microsoft's reprieve on Windows XP antimalware signature support comes as somewhat of a surprise. Company officials had consistently warned that Microsoft would not provide patch support for Windows XP after April 8, 2014, and that the continued use of the operating system after that date could subject users to perpetual "zero-day" attacks. Announcements from company officials have been resolute, insisting that users and organizations get off Windows XP by that date. And that message hasn't changed, despite the backtracking on antimalware definition support.

"This [antimalware support announcement] does not affect the end-of-support date of Windows XP, or the supportability of Windows XP for other Microsoft products, which deliver and apply those signatures," Microsoft's announcement stated.

In other words, Windows XP still will lose product support on April 8, 2014, leaving it vulnerable to attacks, although antivirus signatures will continue to be issued. Microsoft will not issue monthly security patches for the OS, although some paying "custom support" customers will get fixes from Microsoft on an ad hoc basis. Microsoft essentially will stop fixing the proprietary Windows XP OS kernel, which Microsoft alone has the authority to patch.

Continued use of the 12-year-old Windows XP OS after the April product expiration date will be a security problem for individuals and organizations, according to security solution tester AV-Test.

"Once these [Windows XP] updates are stopped, the system is sure to develop more holes than a good Swiss cheese over time, as programmers start to produce special exploits for Windows XP vulnerabilities," AV-Test explained in a blog post.

In addition, the track record of Microsoft Security Essentials to protect Windows XP, even with continued antimalware signature support from Microsoft, is not very good, according to AV-Test's antimalware software rankings. The security software testing organization found that Microsoft Security Essentials scored 0 out of 6 points in AV-Test's "protection" category.

Vendor Support for Windows XP

While Microsoft will continue to provide antimalware signature support through July 14, 2015, it's not as generous of an offer as compared with support promised by third-party software vendors. For instance, Kaspersky Lab will provide antimalware support for Windows XP through 2018 for consumers and through the latter half of 2016 for business users. Trend Micro is promising Windows XP support through Jan. 30, 2017. A list of antimalware software vendor support for Windows XP is being compiled by AV-Test and can be accessed at this page.

Windows XP currently holds a 29 percent use rate in the OS market, according to the latest Net Applications' data. AV-Test has found that many Windows XP users are located in China and India. Manufacturers located in those countries are reporting Windows XP use by "60 percent of their customers," according to AV-Tests' research.

Should an individual or organization continue to use Windows XP after the April 8, 2014 date, it's still not enough to rely on updated antimalware solutions for protection, according to AV-Test. For instance, the Internet Explorer 8 browser is tied to the lifecycle of Windows XP, and it loses support at the same time as the OS. AV-Test recommends that individuals switch to Mozilla Firefox or the Google Chrome browser if continuing to use Windows XP. Both Mozilla and Google have pledged continued browser support for Windows XP after Microsoft's April 8 end-of-life date for Windows XP.

Antimalware vendors won't be replacing Microsoft's expiring security patches for Windows XP. Instead, the antimalware signatures that they will provide will just lower the risk of using the OS.

"Although anti-virus programs are unable to replace the soon-to-be abolished security updates for Windows XP, they can at least make it harder for malware to take advantage of your system vulnerabilities," according to AV-Test.

Microsoft also downplayed the protection afforded by antimalware solutions on an unsupported Microsoft OS.

"Our research shows that the effectiveness of antimalware solutions on out-of-support operating systems is limited," Microsoft's announcement stated. "Running a well-protected solution starts with using modern software and hardware designed to help protect against today's threat landscape."

And by that statement, Microsoft means that Windows XP users should move to Windows 7 or Windows 8.

This article originally appeared on GCN’s sister site, Redmondmag.com.

inside gcn

Reader Comments

Mon, Jan 20, 2014

Why even deal with this situation in the future? Don't buy systems that allow persistent malware to begin with or force huge, costly, and disruptive OS upgrades. That is a thing of the past.
The world is rapidly moving to the web, mobile, and cloud, not legacy, antiquated client side operating systems with huge O&M costs and constant patch headaches.
http://www.computer.org/portal/web/membership/Top-10-Tech-Trends-in-2014#!
"Running a well-protected solution starts with using modern software and hardware designed to help protect against today's threat landscape." Yep, it's called a Chromebook.

Thu, Jan 16, 2014

Bastille Day 2015. Hopefully Windows9 will be available by 4 July 2015.

Please post your comments here. Comments are moderated, so they may not appear immediately
after submitting. We will not post comments that we consider abusive or off-topic.